[ubuntu/cosmic-proposed] chromium-browser 69.0.3497.81-0ubuntu1 (Accepted)

Olivier Tilloy olivier.tilloy at canonical.com
Wed Sep 5 09:33:14 UTC 2018 

chromium-browser (69.0.3497.81-0ubuntu1) cosmic; urgency=medium

  * Upstream release: 69.0.3497.81
    - CVE-2018-16065: Out of bounds write in V8.
    - CVE-2018-16066: Out of bounds read in Blink.
    - CVE-2018-16067: Out of bounds read in WebAudio.
    - CVE-2018-16068: Out of bounds write in Mojo.
    - CVE-2018-16069: Out of bounds read in SwiftShader.
    - CVE-2018-16070: Integer overflow in Skia.
    - CVE-2018-16071: Use after free in WebRTC.
    - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
      Android's MediaPlayer.
    - CVE-2018-16073: Site Isolation bypass after tab restore.
    - CVE-2018-16074: Site Isolation bypass using Blob URLS.
    - CVE-2018-16075: Local file access in Blink.
    - CVE-2018-16076: Out of bounds read in PDFium.
    - CVE-2018-16077: Content security policy bypass in Blink.
    - CVE-2018-16078: Credit card information leak in Autofill.
    - CVE-2018-16079: URL spoof in permission dialogs.
    - CVE-2018-16080: URL spoof in full screen mode.
    - CVE-2018-16081: Local file access in DevTools.
    - CVE-2018-16082: Stack buffer overflow in SwiftShader.
    - CVE-2018-16083: Out of bounds read in WebRTC.
    - CVE-2018-16084: User confirmation bypass in external protocol handling.
    - CVE-2018-16085: Use after free in Memory Instrumentation.
  * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/clang-601-atomics.patch: removed, no longer needed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: added
  * debian/patches/last-commit-position: replaced by
    debian/patches/gn-no-last-commit-position.patch
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/swiftshader-default-visibility.patch: added
  * debian/patches/title-bar-default-system.patch-v35: refreshed

Date: Wed, 05 Sep 2018 09:41:19 +0200
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chromium-browser/69.0.3497.81-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Sep 2018 09:41:19 +0200
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: source
Version: 69.0.3497.81-0ubuntu1
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (69.0.3497.81-0ubuntu1) cosmic; urgency=medium
 .
   * Upstream release: 69.0.3497.81
     - CVE-2018-16065: Out of bounds write in V8.
     - CVE-2018-16066: Out of bounds read in Blink.
     - CVE-2018-16067: Out of bounds read in WebAudio.
     - CVE-2018-16068: Out of bounds write in Mojo.
     - CVE-2018-16069: Out of bounds read in SwiftShader.
     - CVE-2018-16070: Integer overflow in Skia.
     - CVE-2018-16071: Use after free in WebRTC.
     - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
       Android's MediaPlayer.
     - CVE-2018-16073: Site Isolation bypass after tab restore.
     - CVE-2018-16074: Site Isolation bypass using Blob URLS.
     - CVE-2018-16075: Local file access in Blink.
     - CVE-2018-16076: Out of bounds read in PDFium.
     - CVE-2018-16077: Content security policy bypass in Blink.
     - CVE-2018-16078: Credit card information leak in Autofill.
     - CVE-2018-16079: URL spoof in permission dialogs.
     - CVE-2018-16080: URL spoof in full screen mode.
     - CVE-2018-16081: Local file access in DevTools.
     - CVE-2018-16082: Stack buffer overflow in SwiftShader.
     - CVE-2018-16083: Out of bounds read in WebRTC.
     - CVE-2018-16084: User confirmation bypass in external protocol handling.
     - CVE-2018-16085: Use after free in Memory Instrumentation.
   * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
   * debian/patches/additional-search-engines.patch: refreshed
   * debian/patches/clang-601-atomics.patch: removed, no longer needed
   * debian/patches/disable-sse2: refreshed
   * debian/patches/fix-extra-arflags.patch: refreshed
   * debian/patches/gn-add-missing-arm-impl-files.patch: added
   * debian/patches/last-commit-position: replaced by
     debian/patches/gn-no-last-commit-position.patch
   * debian/patches/search-credit.patch: refreshed
   * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
   * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
   * debian/patches/suppress-newer-clang-warning-flags.patch: updated
   * debian/patches/swiftshader-default-visibility.patch: added
   * debian/patches/title-bar-default-system.patch-v35: refreshed
Checksums-Sha1:
 1cbf687a582b1bbae2dd82ce1660b12f9661578d 2572 chromium-browser_69.0.3497.81-0ubuntu1.dsc
 0f9fcee4607d5a9a5c5333c4eccf6654c4dfbce1 617333008 chromium-browser_69.0.3497.81.orig.tar.xz
 ff817568be73b7c33958fe576094fedd6390bad1 2360124 chromium-browser_69.0.3497.81-0ubuntu1.debian.tar.xz
 f7554a01b111743c5118a0f56e3bd622f8b2325b 18322 chromium-browser_69.0.3497.81-0ubuntu1_source.buildinfo
Checksums-Sha256:
 7d4ffc3065307e8b82c9b945c424525e1eeef70169510ae2077b5eeee89fb4ba 2572 chromium-browser_69.0.3497.81-0ubuntu1.dsc
 165ac7d0d4588e6b4a16331e0a9906ed013f2d29a96b54f0ea78fa0298f97144 617333008 chromium-browser_69.0.3497.81.orig.tar.xz
 d6d6a92f20eeaa1ff5f6956059f9d4c128cd134f90635d4ed8ccb7d810cb01d8 2360124 chromium-browser_69.0.3497.81-0ubuntu1.debian.tar.xz
 c7f7bf35f33091e73a775e2d1dc9181698a160867f5a2fcb0120f318374195e5 18322 chromium-browser_69.0.3497.81-0ubuntu1_source.buildinfo
Files:
 db0e3197e6f52b7305c89857e9633865 2572 web optional chromium-browser_69.0.3497.81-0ubuntu1.dsc
 ddfdd70d9cab3b8bc7628494936db41f 617333008 web optional chromium-browser_69.0.3497.81.orig.tar.xz
 7795b3a950d557755819222710974562 2360124 web optional chromium-browser_69.0.3497.81-0ubuntu1.debian.tar.xz
 b54f91c218b052a0a77f6b75b5ad3b49 18322 web optional chromium-browser_69.0.3497.81-0ubuntu1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEOEr9Mc7+BgD56Np90yjXIxis5scFAluPirIACgkQ0yjXIxis
5selMQf9FeIDisAZWu1W/1RlxnjxlaxomAmJK2vylc/MlFOHk56QzuTGCIiCDsMP
04x+VxRVSZVH6NhG2iUya1L8cDa7Uf8YrFxixvfMWMLLhWHK+jfbO/UZwhAUrr5b
dgO47BO9iXyC3pW/dfjdpOIn/gWamm8lR59yOHmnmmjRqFl8iEfr5tokTr3pUtTd
0pUNiO1pitlh1hVqpcafSr4Vb/fv+Q1TzuoOvEySCP1j6GqYjJw2gOXpNcBjEjOy
bocxCp89VjVru8VrjUYYIrfNtgjxmBNV3j/kHvsmoiTI1tpjFDlE0rinDWBdEYIX
HFpnIU1TRCDedQ6kUTa1k9vaRezBng==
=JyqJ
-----END PGP SIGNATURE-----

More information about the Cosmic-changes mailing list